Today's online retailers and social network services provide statistics about the user population for the purpose of making recommendations or for locating affinity groups. For example, a well-known online retailer offers statistical information on the products they have for sale. To illustrate, when a customer views a particular item on the online retailer's website, the website also displays products that other viewers of that particular item also viewed. As another example, a popular social network service provides statistical information about the size of a user's extended network and partial or complete paths to other users who are not in the user's immediate network. As yet another example, another popular social network website provides statistical information about the number of users who have indicated a preference for particular content that is being displayed within the social network.
Oftentimes, identities of users who have made the preference indications are revealed in association to the statistical information displayed. For example, a statistic may reveal that four people prefer a particular news article that has been posted and a mouse-over on the statistical information may reveal who exactly preferred the news article. This may discourage users from indicating their preferences if they do not want other users to know their preferences. Additionally, this statistical information is presented as numerical values. Adversarial users who are attempting to identify the users who are associated with the numerical value may perform various actions to modify user data in the social network in an attempt to determine the identity of users and their preferences. Therefore, what is needed is a method to protect the privacy of users making inputs into an online system.